Archive for the ‘anti virus’ Category

Symantec, the space hog

December 9, 2015

If you’ve found this page then you know how much of a pain Symantec Endpoint Protection can be when it comes to eating up space. Server today ran out of space – down to 500MB on the main drive. After cleanup it’s back to 71GB… yes you read that right.

So how to clean up Symantec Endpoint Protection’s mess? Simple;

  • Stop the Symantec Services.
  • Go to C:\Program Files\Symantec\Symantec Protection Center\db and delete (or if you have space then copy this off somewhere or zip it) the sem5.log.
  • Start the Symantec Services.

That bad boy just continues to eat up space without regard for the environment. Now I’m assuming that there is some sort of limit you can impose on the log file but honestly I haven’t had time (who does) and so I periodically remote in and run the above steps.

Fixed problem.

Symantec Endpoint DB/Log file out of control?

January 29, 2015

So I had a log file that was 98GB.
I found a forum post from Symantec giving a download for a file that would compress the db/log but in order to run that app you had to have lots of space on your drive!
So what happens if I’m running out of space and I need more? Tough, you can’t set a different cache folder that the compression tool works with. Wonderful.

Instead, just run through the process of backing up the DB. There is a DB backup app under tools in the Symantec programs location. What does that do? Well for starters it just clears the log file… Oh yeah.

Or you can do this;

  • Stop the Symantec Services.
  • Go to C:\Program Files\Symantec\Symantec Protection Center\db and delete (or if you have space then copy this off somewhere or zip it) the sem5.log.
  • Start the Symantec Services.

Simple fix I thought.
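The stop / move-or-delete / start steps from this post and from the December 2015 post above, written as a PowerShell script that can be run on a schedule instead of by hand. This is an added example, not part of the original posts. It assumes the services to stop have display names beginning with "Symantec"; the parameters $ServiceFilter, $ArchiveDir and $MaxSizeGB are illustrative names.

```powershell
# Added example (not from the original post): archive or delete an oversized sem5.log.
# Assumption: the services that hold the log open match $ServiceFilter by display name.
param(
    [string]$LogPath       = 'C:\Program Files\Symantec\Symantec Protection Center\db\sem5.log',
    [string]$ServiceFilter = 'Symantec*',
    [string]$ArchiveDir    = '',      # folder on another volume; empty means delete the log
    [double]$MaxSizeGB     = 5        # illustrative threshold
)

$log    = Get-Item -LiteralPath $LogPath -ErrorAction Stop
$sizeGB = [math]::Round($log.Length / 1GB, 2)
if ($sizeGB -lt $MaxSizeGB) {
    Write-Output "sem5.log is $sizeGB GB, under the $MaxSizeGB GB threshold; nothing to do."
    return
}

# Remember which services were running so that only those are started again.
$running = @(Get-Service -DisplayName $ServiceFilter | Where-Object Status -eq 'Running')
if ($running.Count -eq 0) { Write-Warning "No running service matched '$ServiceFilter'." }

try {
    # -Force also stops dependent services; any failure aborts before the log is touched.
    $running | Stop-Service -Force -ErrorAction Stop

    if ($ArchiveDir) {
        $dest = Join-Path $ArchiveDir ("sem5_{0:yyyyMMdd_HHmmss}.log" -f (Get-Date))
        Move-Item -LiteralPath $LogPath -Destination $dest -ErrorAction Stop
        Write-Output "Moved $sizeGB GB log to $dest"
    }
    else {
        Remove-Item -LiteralPath $LogPath -ErrorAction Stop
        Write-Output "Deleted $sizeGB GB log"
    }
}
finally {
    # Start whatever was running before, even if the move or delete failed.
    $running | ForEach-Object { Start-Service -Name $_.Name }
}
```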

Avast Console Service not starting!

May 22, 2012

Grrr – this one really bugged me. I had a problem with a server running Avast Console. One day it just decided not to work anymore.
After many moments of hair pulling and gnashing of teeth I found there were two things that were just plain wrong. (Trust me I uninstalled and reinstalled to no avail).

  • First – I went to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avast! Administration Console\ImagePath and found that the path name to the console service did not have quotes (“”) around it. Fixing that got me a little further…
  • Second – the service logon credentials were set to a specific local account NOT to LocalSystemAccount like all the other Avast services. Changed that, plus the first point and the service started!
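The same two checks, run across every service on a machine: an ImagePath that contains spaces but has no quotes around it, and a logon account other than the built-in service accounts. An unquoted path with spaces is ambiguous to Windows, which is why quoting it matters beyond getting the service to start. This is an added example, not part of the original post; the helper name Test-UnquotedServicePath is made up for illustration.

```powershell
# Added example: list services with an unquoted ImagePath containing spaces,
# or a logon account that is not one of the built-in service accounts.
function Test-UnquotedServicePath {        # hypothetical helper name
    param([string]$PathName)
    if ([string]::IsNullOrWhiteSpace($PathName)) { return $false }
    $p = $PathName.Trim()
    if ($p.StartsWith('"')) { return $false }          # already quoted
    # Executable portion: shortest prefix ending in .exe, followed by arguments or end of string.
    if ($p -match '^(?<exe>.+?\.exe)(\s|$)') {
        return $Matches['exe'].Contains(' ')
    }
    return $false
}

# LocalSystem, NT AUTHORITY\LocalService / NetworkService and NT SERVICE\* virtual accounts.
$builtIn = '^(LocalSystem|NT AUTHORITY\\|NT SERVICE\\)'

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $unquoted      = Test-UnquotedServicePath $_.PathName
    $customAccount = [bool]$_.StartName -and ($_.StartName -notmatch $builtIn)
    if ($unquoted -or $customAccount) {
        [pscustomobject]@{
            Name         = $_.Name
            State        = $_.State
            StartName    = $_.StartName
            UnquotedPath = $unquoted
            PathName     = $_.PathName
        }
    }
} | Format-Table -AutoSize -Wrap
```

A service flagged with UnquotedPath is corrected the way the post describes, by putting quotes around the executable path in its ImagePath value.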

Next problem; The security certificate… Ahhhhh

Scan windows system files

February 8, 2012

Sometimes when a virus or HD corruption affects your machine it’s nice to check that all the right Windows system files are in the right place.
Run this;
sfc /scannow

Anti Malware – What I use…

May 11, 2011

So there came a time today where I needed to refresh my opinion on anti malware products out there.

Traditionally I have used Spybot S&D and Malwarebytes. Both are very good (I know some people bitch about Spybot but you can customize it how you like so IMO it’s still good.).

However this time round I wanted to avoid spending all day scanning one computer only to find out that the residing malware had evaded said products.

So I browsed around and got some more opinions. Here’s what I found;

Malwarebytes

Primarily people are happy with it generally and most people use it. For good reason. It won’t always catch everything but it gets close. Make sure you do the FULL scan not just the quick scan BTW in case that wasn’t obvious.

Spybot S&D

Tried and trusted – also used by many people. Now, quite a few users expressed some doubts with Spybot – nothing concrete, but there is the sense out there that it is “old”. In my opinion that view is not quite accurate, as they update it constantly and besides for the extra bits they give you it is still worth it.

Yes I know the “Teatimer” resident app can slow your machine down as well as slow your Internet traffic but you can turn it off if you want, and if you keep it active then well, hey you have a resident antimalware checker for free. That is hard to beat.

It’s not the best in my experience when it comes to detection (Malwarebytes beats it) but it’s another tool in the arsenal.

Emsisoft

I had not heard of this one until today. There’s a free for personal use and also a full version trial, if you’re corporate and need to disinfect something… and of course would like to see how it fares before you pony up for the full version.

So far seems to be quite good. I heard quite a few good things about it and no bad things, which gives it a good start. However the main thing I do not like about it is the popups. Very annoying and not too dissimilar from the malware popups you get. With that being said, I’m sure you can turn them off.

Scanning options are good – “Basic” – resident and immediate threat locations (read : browser), “Smart” – same as Basic but with system files thrown in and “Deep”, which is all files.

I ran the Smart scan. Not very impressed that it found a bazillion cookies. Yes I know they can be undesirable but it made me feel as though they were trying too hard to tell you they caught crap. That being said, it did find one downloader that Malwarebytes and Spybot did not. Hurrah for the new guy! [Edit : might take that last sentence back. It looks like it is NOT a “high risk” that it found but a Popcap dll for updating their games and giving you ads. Hardly “high risk”…annoying yes but high risk?]

SuperAntiSpyware

I gotta say when I first went to their website I was thinking I had been duped, but it really does seem to be legit. (Seriously guys I would tone down the big colored buttons OK?).

I heard so many good things about this that I had to include it. I downloaded it but haven’t installed it yet. I did check out reviews and opinions and it seems to be on par if not more popular than Emsisoft.

I will update this when I have actually used it…

**UPDATE** This software is awesome. I have used it in about half a dozen cases and each case it removed the viruses completely. In only one case when I did a quick scan it didn’t catch all of the nasties but after running a full deep scan it did find them all. Awesome. I love it. It has also become my de-facto default scanner.

BitDefender (Boot disk)

Sorry to have almost forgotten this but the Bitdefender boot disk (which is a free download) can also really help for obvious reasons. I haven’t used it recently because the other guys above have done such an excellent job but if you do get stuck then BD bootdisk is worth a try.

What do other ppl use for emergency pc repair?

March 31, 2011

I found this while stumbling and thought it was so useful that I simply had to post it here;

########################

So, here is my list:

Note: feel free to add your tools to my list. If it’s an alternative, please don’t replace mine, add a sub-list started by “alt:” and say why do you prefer this one.

Boot-cd/usb key

Ubcd4win create a (custom) live cd that contains software used for repairing, restoring, or diagnosing almost any computer problem.
alt: Microsoft Emergency Repair Disk: a system rescue disk PE environment with advanced recovery tools like resetting passwords, hard drive repair, offline registry editing, file explorer, command prompt, etc. Only available to Software Assurance and MSDN subscribers, as part of the Desktop Optimization Pack. If you’re a student, may be available to you through MSDNAA.
Offline NT Password & Registry Editor reset windows password
alt: Ophcrack (sort-of) brute-force windows password (if they are EFS encrypted files)
CloneZilla disk imaging backup
GParted partition editor
Stresslinux minimal linux with tools to monitoring hardware health: stress, cpuburn, hddtemp, lm_sensors, memtest86+, …
alt: Memtest86+ RAM tester (don’t need command line)
Hard Drive Manufacturers diagnostic tools: fujitsu / hitachi / samsung / western digital / seagate (maxtor)
Spinrite low level hard disk recovery (89$)
alt: HDD Regenerator (40$)

Kits

Sysinternals suite (1=included in this suite) a great set of tools by Sysinternals (so great that MS bought them)
NirLauncher (2=included in this suite) another great set of tools by NirSoft integrated in a launcher (that could be used easily with sysinternals suite too)
GnuWin32 port of the most important GNU utilities to Windows (command-line)

Remote control

Teamviewer all-in-one solution for remote access and support over the Internet. Easy (don’t have to open ports on firewall/router), secure, and full featured.
alt: UltraVNC: less convenient but open source and free even in a professional environment

Anti-malware

Avira (use rescue disk or the one included in ubcd4win) and/or Kaspersky Virus Removal Tool
alt: Malwarebytes’ Anti-Malware / SpyBot – Search & Destroy / DrWeb Cure It / AVZ / a-Squared Emergency USB Stick
Microsoft Security Essentials or Avira (a little bit better but contains nag screen) -to install
alt: Avast / AVG
alt not freeware: Norton Internet Security (70$/year) / Kaspersky Internet Security (60$/year) / Eset Smart Security (48€/year) / PC Tools Internet Security (50€/year)
System Explorer lists processes, startups, services, drivers… Check them with its own database, VirusTotal or Jotti services. Snapshots before/after for registry/disk changes
RootkitRevealer(1) anti-rootkit
alt: Gmer more powerful (but harder to use) anti-rootkit
Virus Effect Remover Repair/Fix damaged items like TaskManager, RegEditor, Folder Options, Windows AutoUpdate.

Startup Tools

Autoruns(1) the most comprehensive knowledge of auto-starting locations of any startup monitor
alt: RunAlyzer edit an external registry hive (used easily from a boot cd)

Process Tools

Process Explorer(1) detailed process, handles & dll information
Process Monitor(1) real-time file system, registry and process/thread activity
Svchost analyzer lists all svchost instances and checks the services they contain

Registry Tools

Registrar registry manager (lite) advanced registry manager
alt: Reg
Eusing free registry defrag

Backup Tools

DriveImage XML disk imaging (shadow copy)
Cobian Backup automated backup -to install
Toucan on-demand backup
ERUNT registry backup
SingleClickRestorePoint
Netprofiles save & restore network profiles
SoftKey Revealer licence keys backup
All Nirsoft password tools(2) passwords backup

File Tools

Everything quick searching
alt: AstroGrep for non-ntfs drive
Recuva recover deleted files
RichCopy advanced copy tool
alt Unstoppable Copier copy files from broken hd
FileASSASSIN advanced delete (remove handle or delete at reboot)
alt: Delete Doctor delete with short DOS name or UNC name
alt: DelinvFiles same as delete doctor, but can scan the drive for invalid file names and from my experience it was successful where delete doctor wasn’t. But it’s a shareware: 26.95$
WinDirStat: graphical view of hard drive space usage
alt: SpaceSniffer nicer interface
alt: SequoiaView
WinMerge folders/files comparison
Hashcalc md5,sha,crc32 checksum
TrIDnet file identifier

Disk Tools

Drive Manager
MyDefragPowerGUI featured (& free) defragmenter
Easeus Partition Master (home edition) partition manager
HDTune hd scan & S.M.A.R.T. info
alt: Active@ HD Monitor freeware more featured, but not portable
TestDisk designed to help recover lost partitions and/or make non-booting disks bootable again
ddrescue copies data from one file or block device (hard disc, cdrom, etc) to another, trying hard to rescue data in case of read errors.

Hardware Tools

IntelBurnTest test cpu
FurMark test gpu
Eizo Monitor Test fine-tune your monitor
Pixel Doctor locate and fix LCD screens dead pixels

Drivers Tools

DoubleDriver backup/restore drivers
DPC Latency Checker real-time drop-outs graph
DeviceRemover (very) advanced device manager

Cleaning Tools

RevoUninstaller uninstaller that helps to remove leftovers (without the need of monitoring install)
CCleaner remove unused and temporary files
PC Decrapifier remove or uninstall a specific list of unwanted software
JavaRa removes old and redundant versions of the Java Runtime Environment

Network Tools

NetWorx bandwidth meter
alt: NetMeter the live graph looks better but is a little less featured and have some instabilities on w7
NetResView(2) lists all network resources (computers, disk shares, and printer shares) on your LAN
CurrPorts(2) lists all currently opened TCP/IP and UDP ports and the processes that opened them
AS3 Personal Firewall portable firewall
eToolz gui for NS-Lookup, Ping, TraceRoute and Whois
Performance Pinging graph ping
Wireshark network protocol analyzer
Secunia PSI vulnerability scanning
SG TCP Optimizer (XP) (re)set & optimize tcp parameters

Misc

System Info for Windows (aka SIW) gives a ton of information about the system, including installed software, hardware configuration, license keys, and network info. Free for non-commercial use; $70 for “technician’s license”.
SUMo software updater tool
BlueScreenView(2) crash dump analysis
ShellExView(2) shell extensions manager
Whyreboot lists reboot “pending file operations”
XP Quick Fix Plus 40 common Windows XP problems fixes
7 Quick Fix 21 common Windows 7 problems fixes
thewindowsclub.com fix tools: FixWin (50 common 7/vista annoyances), Fix IE (internet explorer), Fix MSE (ms security essential), Fix WU (windows update), Fix WMP (windows media player), File Association Fixer
GodMode creator (7/Vista) create easy shortcuts to almost all settings & information (CLSID folders)
Print Service Manager easily kill stuck print jobs
Filmerit directshow filter manager

And some other essential tools, but not directly related, like notepad++, autohotkey, firefox (and its bookmarks)…

Most of these tools are portable and free (at least for personal use) and yes it’s only the essential ones 😉

And if you want more security related software: Gizmo’s Best Free Security List (by Antti Koponen)

Need a Boot disk for AntiVirus Scan?

October 22, 2010

Look no Further…. OK well maybe you should look further but in the interests of getting this out there as fast as I can… here’s a way that’s free and works;

http://www.bitdefender.com/KB627

Yes it’s Bitdefender. I have used BitDefender for a few years now and whilst you need to tweak it out of the box to stop it from grinding your machine to a halt, it does good work.

Today I used the boot disk… it seems…to have actually…worked!

O

M

G

An AntiVirus product that works?!?! What has the world come to?

This is awesome. Go buy Bitdefender now! Of course it would be even better if the AntiVirus had stopped the virus in the first place but I can’t blame Bitdefender for that as the infected machine was using…. Trend Micro…. I shall have to have words with them….

Anyway for now thanks to Bitdefender for giving away that boot disk that did the job.

Woot!

Virus Fightin’

January 27, 2010

Wow, What a complete @#$*#@*& of a virus.

The virus in question was called Vundo (or at least a variant thereof).

Steps taken;

  • Repaired Windows to get it to boot.
  • Ran Symantec AntiVirus – Found it! yay. Deleted? Yes! yay.
  • Reboot – virus is still there.
  • Turn off system restore – no system restore tab!
  • Run regedit to turn it back on – disabled.
  • Disabled System restore service – worked.
  • Boot into safe mode, install MalwareBytes anti-Malware app. As soon as it’s installed the app is deleted before I can run it! (virus is still there).
  • Downloaded Spybot, installed and ran OK. Yay! Ran full scan. It starts to catch stuff…
  • Brain fart… I downloaded and INSTALLED MalwareBytes on another machine. Copied the application folder (after install) to thumb drive. Ran Malwarebytes directly from thumbdrive. It runs! Yay!
  • After that downloaded and installed AVG Free and ran deep scan on that.
  • Downloaded and installed Windows Defender. (free from Microsoft)
  • If, after turning off the system restore, (courtesy of MalwareBytes reactivation) running full scans with MalwareBytes, Spybot S&D, AVG as well as Windows Defender and it all comes up clean, then you’re home and free… This is where I got to and was able to recover the machine, however I’ve had to rebuild too many machines recently because of these $*&@#% viruses/Malware/Scareware/annoying programs.
  • If it still keeps coming back then it’s time to rebuild the machine I’m afraid.

Useful Links…

AVG Free

MalwareBytes

Spybot S&D

Windows Defender

Acronis (for whole machine backups including applications)

Printer sharing

October 31, 2008

Picture this; I have a network with multiple computers (Mac and Windows machines). I share a printer from a Windows XP Home machine. 

I get the Macs up and running on that shared printer in seconds. The same goes for my XP home laptop.

When it comes to an XP pro laptop which is a member of a different domain it won’t work. When I type in the machine name using UNC or even the IP address I get a listing of the shares on that machine including the printer I want to connect to. If I try to connect to it I get the error “operation could not be completed”.

I tried many many things to resolve this (I thought it must have been the XP pro machine that was causing the error initially).

The fix was to remove Norton 360 from the host machine and install something more sensible such as BitDefender AntiVirus. Once that was complete it worked from the XP Pro laptop.

Another strange but true issue.

Quick Symantec license tip (finding where it is!)

August 21, 2008

For whatever reason, I’ve had some issues with finding where the license was for Symantec Corporate Anti Virus on the server. I’m not sure why I couldn’t see this before but I thought I’d add this note for future reference;

  1. Open up the Symantec Client Security application called Symantec AntiVirus.
  2. Click View / License.
  3. It should give you the License # as well as the expiration date.
  4. Just in case you can’t get this view, the file for the license should be kept at the following location: C:\Program Files\Common Files\Symantec Shared\Licenses